Vulnerability Name:

CVE-2007-0908 (CCN-32493)

Assigned:2007-02-14
Published:2007-02-14
Updated:2018-10-30
Summary:The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Obtain Information
References:Source: SGI
Type: Broken Link
20070201-01-P

Source: MITRE
Type: CNA
CVE-2007-0908

Source: SUSE
Type: Broken Link
SUSE-SA:2007:020

Source: OSVDB
Type: Broken Link
32766

Source: CCN
Type: RHSA-2007-0076
Important: php security update

Source: CCN
Type: RHSA-2007-0081
Important: php security update

Source: CCN
Type: RHSA-2007-0082
Important: php security update

Source: CCN
Type: RHSA-2007-0088
Important: php security update

Source: CCN
Type: RHSA-2007-0089
Important: php security update for Stronghold

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0089

Source: CCN
Type: SA24089
PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
24089

Source: SECUNIA
Type: Third Party Advisory
24195

Source: SECUNIA
Type: Third Party Advisory
24217

Source: SECUNIA
Type: Third Party Advisory
24236

Source: SECUNIA
Type: Third Party Advisory
24248

Source: SECUNIA
Type: Third Party Advisory
24284

Source: SECUNIA
Type: Third Party Advisory
24295

Source: SECUNIA
Type: Third Party Advisory
24322

Source: SECUNIA
Type: Third Party Advisory
24419

Source: SECUNIA
Type: Third Party Advisory
24421

Source: CCN
Type: SA24432
Avaya Products PHP Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
24432

Source: SECUNIA
Type: Third Party Advisory
24514

Source: SECUNIA
Type: Third Party Advisory
24606

Source: CCN
Type: SA24642
Avaya Products php Multiple Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
24642

Source: GENTOO
Type: Third Party Advisory
GLSA-200703-21

Source: SREASON
Type: Third Party Advisory
2321

Source: CCN
Type: SECTRACK ID: 1017671
PHP Buffer Overflows and Format String Bugs Permit Code Execution and Denial of Service

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-101.htm

Source: CCN
Type: ASA-2007-101
php security update (RHSA-2007-0076)

Source: CONFIRM
Type: Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-136.htm

Source: CCN
Type: ASA-2007-136
php security update (RHSA-2007-081 RHSA-2007-0088)

Source: DEBIAN
Type: DSA-1264
php4 -- several vulnerabilities

Source: CCN
Type: GLSA-200703-21
PHP: Multiple vulnerabilities

Source: MANDRIVA
Type: Third Party Advisory
MDKSA-2007:048

Source: CCN
Type: OpenPKG-SA-2007.010
php

Source: OPENPKG
Type: Third Party Advisory
OpenPKG-SA-2007.010

Source: CCN
Type: OSVDB ID: 32766
PHP wddx Extension Unspecified Information Disclosure

Source: CCN
Type: MOPB-11-2007
PHP WDDX Session Deserialization Information Leak Vulnerability

Source: MISC
Type: Third Party Advisory
http://www.php-security.org/MOPB/MOPB-11-2007.html

Source: CONFIRM
Type: Third Party Advisory
http://www.php.net/ChangeLog-5.php#5.2.1

Source: CCN
Type: PHP Web site
Downloads- PHP 5.2.1

Source: CCN
Type: The PHP Group Web site
PHP 5.2.1 Release Announcement

Source: CONFIRM
Type: Third Party Advisory
http://www.php.net/releases/5_2_1.php

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0076

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0081

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0082

Source: REDHAT
Type: Third Party Advisory
RHSA-2007:0088

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20070227 rPSA-2007-0043-1 php php-mysql php-pgsql

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
22496

Source: CCN
Type: BID-22496
PHP 5.2.0 and Prior Versions Multiple Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
22806

Source: CCN
Type: BID-22806
PHP WDDX Session Deserialization Information Leak Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1017671

Source: TRUSTIX
Type: Broken Link
2007-0009

Source: CCN
Type: TLSA-2007-20
Multiple vulnerabilities in php

Source: CCN
Type: USN-424-1
PHP vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-424-1

Source: CCN
Type: USN-424-2
PHP regression

Source: UBUNTU
Type: Third Party Advisory
USN-424-2

Source: DEBIAN
Type: Broken Link
DSA-1264

Source: VUPEN
Type: Permissions Required, Third Party Advisory
ADV-2007-0546

Source: XF
Type: Third Party Advisory, VDB Entry
php-wddx-information-disclosure(32493)

Source: XF
Type: UNKNOWN
php-wddx-information-disclosure(32493)

Source: CONFIRM
Type: Broken Link
https://issues.rpath.com/browse/RPL-1088

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:11185

Source: SUSE
Type: SUSE-SA:2007:020
PHP security problems

Vulnerable Configuration:Configuration 1:
  • cpe:/a:php:php:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.4.5)
  • OR cpe:/a:php:php:*:*:*:*:*:*:*:* (Version >= 5.0.0 and < 5.2.1)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:5.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.0:-:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:php:php:5.1.5:-:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:stronghold:-:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20070908
    V
    		CVE-2007-0908
    2017-09-27
    oval:org.mitre.oval:def:22487
    P
    		ELSA-2007:0082: php security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:11185
    V
    		The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.
    2013-04-29
    oval:com.redhat.rhsa:def:20070076
    P
    		RHSA-2007:0076: php security update (Important)
    2008-03-20
    oval:com.redhat.rhsa:def:20070082
    P
    		RHSA-2007:0082: php security update (Important)
    2008-03-20
    oval:org.debian:def:1264
    V
    		several vulnerabilities
    2007-03-07
    BACK
    php php 4.0
    php php 4.0 beta1
    php php 4.0 beta2
    php php 4.0 beta3
    php php 4.0 beta4
    php php 4.0 beta_4_patch1
    php php 4.0 rc1
    php php 4.0 rc2
    php php *
    php php *
    canonical ubuntu linux 5.10
    canonical ubuntu linux 6.06
    canonical ubuntu linux 6.10
    php php 5.0.3
    php php 5.0.4
    php php 5.0.0
    php php 5.0.5
    php php 5.1.1
    php php 5.1.2
    php php 5.1.4
    php php 5.0.2
    php php 5.1.6
    php php 5.2.0
    php php 5.0.0 beta1
    php php 5.0.0 beta2
    php php 5.0.0 beta3
    php php 5.0.0 beta4
    php php 5.0.0 rc1
    php php 5.0.0 rc2
    php php 5.0.0 rc3
    php php 5.0.1
    php php 5.1.0
    php php 5.1.3
    php php 5.1.5
    redhat stronghold -
    openpkg openpkg current
    gentoo linux *
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    novell open enterprise server *
    novell opensuse 10.2
    suse suse linux 9.3